| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2021-01-27 20:10:22 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2021-01-27 20:10:22 +0000 |
| commit | 555e78bc45263a9494870ee2e8cc6d03dc26cf78 | |
| tree | 28b4f9497203d263326af74c657565a99fe782f3 | |
| parent | eb4d77acdfd77d2c9ceb772aecc7632aa947f87d | |
automatic update
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2017.list | 1 |
| -rw-r--r-- | data/CVE/2019.list | 7 |
| -rw-r--r-- | data/CVE/2020.list | 118 |
| -rw-r--r-- | data/CVE/2021.list | 64 |

4 files changed, 111 insertions, 79 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index fb2735b74a..c3a27825ea 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -33215,6 +33215,7 @@ CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets decod - linux 4.11.11-1 NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0 CVE-2017-7481 (Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark loo ...) + {DLA-2535-1} - ansible 2.3.1.0+dfsg-1 (bug #862666) [jessie] - ansible <not-affected> (vulnerable code introduced in version 2.x) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 951460d785..6f1143f019 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -3198,6 +3198,7 @@ CVE-2019-19730 CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...) NOT-FOR-US: bsjon-objectid node module CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...) + {DSA-4841-1} - slurm-llnl 19.05.5-1 [stretch] - slurm-llnl <no-dsa> (Minor issue) [jessie] - slurm-llnl <ignored> (Minor issue, fix introduces regression, upstream refuses access to bug tracker) @@ -15278,6 +15279,7 @@ CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x befor NOTE: https://github.com/ansible/ansible/pull/65423 NOTE: https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible Community ...) + {DLA-2535-1} - ansible 2.9.4+dfsg-1 (low) [buster] - ansible <no-dsa> (Minor issue) [jessie] - ansible <not-affected> (Vulnerable module first bundled in 2.0) 
@@ -15612,7 +15614,7 @@ CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4. [jessie] - samba <no-dsa> (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html CVE-2019-14846 (Ansible, all ansible_engine-2.x versions and ansible_engine-3.x up to ...) - {DLA-2202-1} + {DLA-2535-1 DLA-2202-1} - ansible 2.8.6+dfsg-1 (low; bug #942188) [buster] - ansible <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373 @@ -28227,6 +28229,7 @@ CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a NOTE: https://github.com/ansible/ansible/pull/63351 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829 CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...) + {DLA-2535-1} - ansible 2.8.6+dfsg-1 (bug #933005) [buster] - ansible <no-dsa> (Minor issue) [jessie] - ansible <not-affected> (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords) @@ -28448,7 +28451,7 @@ CVE-2019-10158 (A flaw was found in Infinispan through version 9.4.14.Final. An CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did ...) NOT-FOR-US: Keycloak CVE-2019-10156 (A flaw was discovered in the way Ansible templating was implemented in ...) - {DLA-1923-1} + {DLA-2535-1 DLA-1923-1} - ansible 2.8.3+dfsg-1 (low; bug #930065) [buster] - ansible <no-dsa> (Minor issue) NOTE: https://github.com/ansible/ansible/pull/57188 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 317e26d44d..03353e1174 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -549,8 +549,8 @@ CVE-2020-36014 RESERVED CVE-2020-36013 RESERVED -CVE-2020-36012 - RESERVED +CVE-2020-36012 (Stored XSS vulnerability in BDTASK Multi-Store Inventory Management Sy ...) + TODO: check CVE-2020-36011 (A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart ...) NOT-FOR-US: QDOCS Smart Hospital Management System CVE-2020-36010 @@ -7182,6 +7182,7 @@ CVE-2020-27748 [local file inclusion vulnerability] CVE-2020-27747 (An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973 ...) NOT-FOR-US: Click Studios Passwordstate CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Informa ...) + {DSA-4841-1} - slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package) - slurm-llnl <removed> (bug #974722) [stretch] - slurm-llnl <no-dsa> (Minor issue) @@ -7190,6 +7191,7 @@ CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive I NOTE: https://github.com/SchedMD/slurm/commit/07309deb45c33e735e191faf9dd31cca1054a15c NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflo ...) + {DSA-4841-1} - slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package) - slurm-llnl <removed> (bug #974721) [stretch] - slurm-llnl <no-dsa> (Minor issue) @@ -8846,6 +8848,7 @@ CVE-2020-26977 (By attempting to connect a website using an unresponsive port, a - firefox <not-affected> (Android specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977 CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was a servic ...) + {DSA-4840-1} - firefox 84.0-1 - firefox-esr 78.7.0esr-1 - thunderbird <unfixed> 
@@ -16968,26 +16971,26 @@ CVE-2020-23363 RESERVED CVE-2020-23362 RESERVED -CVE-2020-23361 - RESERVED -CVE-2020-23360 - RESERVED -CVE-2020-23359 - RESERVED +CVE-2020-23361 (phpList 3.5.3 allows type juggling for login bypass because == is used ...) + TODO: check +CVE-2020-23360 (oscommerce v2.3.4.1 has a functional problem in user registration and ...) + TODO: check +CVE-2020-23359 (WeBid 1.2.2 admin/newuser.php has an issue with password rechecking du ...) + TODO: check CVE-2020-23358 RESERVED CVE-2020-23357 RESERVED -CVE-2020-23356 - RESERVED -CVE-2020-23355 - RESERVED +CVE-2020-23356 (dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type ju ...) + TODO: check +CVE-2020-23355 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/use ...) + TODO: check CVE-2020-23354 RESERVED CVE-2020-23353 RESERVED -CVE-2020-23352 - RESERVED +CVE-2020-23352 (Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP l ...) + TODO: check CVE-2020-23351 RESERVED CVE-2020-23350 @@ -31739,27 +31742,27 @@ CVE-2020-16116 (In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archi NOTE: https://kde.org/info/security/advisory-20200730-1.txt NOTE: https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f CVE-2020-16115 - RESERVED + REJECTED CVE-2020-16114 - RESERVED + REJECTED CVE-2020-16113 - RESERVED + REJECTED CVE-2020-16112 - RESERVED + REJECTED CVE-2020-16111 - RESERVED + REJECTED CVE-2020-16110 - RESERVED + REJECTED CVE-2020-16109 - RESERVED + REJECTED CVE-2020-16108 - RESERVED + REJECTED CVE-2020-16107 - RESERVED + REJECTED CVE-2020-16106 - RESERVED + REJECTED CVE-2020-16105 - RESERVED + REJECTED CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...) 
@@ -40500,6 +40503,7 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020- CVE-2020-12694 RESERVED CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...) + {DSA-4841-1} - slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package) - slurm-llnl <removed> (bug #961406) [stretch] - slurm-llnl <no-dsa> (Minor issue) @@ -58388,10 +58392,10 @@ CVE-2020-5430 REJECTED CVE-2020-5429 REJECTED -CVE-2020-5428 - RESERVED -CVE-2020-5427 - RESERVED +CVE-2020-5428 (In applications using Spring Cloud Task 2.2.4.RELEASE and below, may b ...) + TODO: check +CVE-2020-5427 (In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5 ...) + TODO: check CVE-2020-5426 (Scheduler for TAS prior to version 1.4.0 was permitting plaintext tran ...) NOT-FOR-US: Vmware CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x v ...) @@ -59481,8 +59485,8 @@ CVE-2020-4969 (IBM Security Identity Governance and Intelligence 5.2.6 could all NOT-FOR-US: IBM CVE-2020-4968 (IBM Security Identity Governance and Intelligence 5.2.6 uses weaker th ...) NOT-FOR-US: IBM -CVE-2020-4967 - RESERVED +CVE-2020-4967 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive inf ...) + TODO: check CVE-2020-4966 (IBM Security Identity Governance and Intelligence 5.2.6 does not set t ...) NOT-FOR-US: IBM CVE-2020-4965 @@ -59511,8 +59515,8 @@ CVE-2020-4954 RESERVED CVE-2020-4953 RESERVED -CVE-2020-4952 - RESERVED +CVE-2020-4952 (IBM Security Guardium 11.2 could allow an authenticated user to gain r ...) + TODO: check CVE-2020-4951 RESERVED CVE-2020-4950 @@ -59685,8 +59689,8 @@ CVE-2020-4867 RESERVED CVE-2020-4866 RESERVED -CVE-2020-4865 - RESERVED +CVE-2020-4865 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...) + TODO: check CVE-2020-4864 (IBM Resilient SOAR V38.0 could allow an attacker on the internal net w ...) NOT-FOR-US: IBM CVE-2020-4863 
@@ -59705,8 +59709,8 @@ CVE-2020-4857 RESERVED CVE-2020-4856 RESERVED -CVE-2020-4855 - RESERVED +CVE-2020-4855 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...) + TODO: check CVE-2020-4854 (IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded cr ...) NOT-FOR-US: IBM CVE-2020-4853 @@ -59775,18 +59779,18 @@ CVE-2020-4822 RESERVED CVE-2020-4821 RESERVED -CVE-2020-4820 - RESERVED +CVE-2020-4820 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site ...) + TODO: check CVE-2020-4819 RESERVED CVE-2020-4818 RESERVED CVE-2020-4817 RESERVED -CVE-2020-4816 - RESERVED -CVE-2020-4815 - RESERVED +CVE-2020-4816 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacke ...) + TODO: check +CVE-2020-4815 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to ...) + TODO: check CVE-2020-4814 RESERVED CVE-2020-4813 @@ -59837,17 +59841,17 @@ CVE-2020-4791 RESERVED CVE-2020-4790 RESERVED -CVE-2020-4789 - RESERVED +CVE-2020-4789 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...) + TODO: check CVE-2020-4788 (IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local ...) {DLA-2483-1} - linux 5.9.11-1 [buster] - linux 4.19.160-1 [stretch] - linux <ignored> (powerpc architectures not included in LTS) -CVE-2020-4787 - RESERVED -CVE-2020-4786 - RESERVED +CVE-2020-4787 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...) + TODO: check +CVE-2020-4786 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...) + TODO: check CVE-2020-4785 (IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1. ...) NOT-FOR-US: IBM CVE-2020-4784 
@@ -60162,8 +60166,8 @@ CVE-2020-4630 RESERVED CVE-2020-4629 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM -CVE-2020-4628 - RESERVED +CVE-2020-4628 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a re ...) + TODO: check CVE-2020-4627 (IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS ...) NOT-FOR-US: IBM CVE-2020-4626 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive infor ...) @@ -60324,8 +60328,8 @@ CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to exe NOT-FOR-US: IBM CVE-2020-4548 (IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input ...) NOT-FOR-US: IBM -CVE-2020-4547 - RESERVED +CVE-2020-4547 (IBM Jazz Foundation products could allow a remote attacker to hijack t ...) + TODO: check CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2020-4545 (IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbi ...) @@ -60370,8 +60374,8 @@ CVE-2020-4526 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cros NOT-FOR-US: IBM CVE-2020-4525 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM -CVE-2020-4524 - RESERVED +CVE-2020-4524 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...) + TODO: check CVE-2020-4523 RESERVED CVE-2020-4522 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...) 
@@ -61040,8 +61044,8 @@ CVE-2020-4191 (IBM Security Guardium 11.1 uses weaker than expected cryptographi NOT-FOR-US: IBM CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credent ...) NOT-FOR-US: IBM -CVE-2020-4189 - RESERVED +CVE-2020-4189 (IBM Security Guardium 11.2 discloses sensitive information in the resp ...) + TODO: check CVE-2020-4188 (IBM Security Guardium 10.6 and 11.1 may use insufficiently random numb ...) NOT-FOR-US: IBM CVE-2020-4187 (IBM Security Guardium 11.1 could disclose sensitive information on the ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 7f5363599a..f5e6ce91e0 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1,3 +1,25 @@ +CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...) + TODO: check +CVE-2021-3325 (Monitorix 3.13.0 allows remote attackers to bypass Basic Authenticatio ...) + TODO: check +CVE-2021-3324 + RESERVED +CVE-2021-3323 + RESERVED +CVE-2021-3322 + RESERVED +CVE-2021-3321 + RESERVED +CVE-2021-3320 + RESERVED +CVE-2021-3319 + RESERVED +CVE-2021-3318 (attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editori ...) + TODO: check +CVE-2021-26274 + RESERVED +CVE-2021-26273 + RESERVED CVE-2021-XXXX [glibc: assertion failure in ISO-2022-JP-3 module] - glibc <unfixed> (bug #981198) [buster] - glibc <no-dsa> (Minor issue) @@ -372,10 +394,10 @@ CVE-2021-26120 RESERVED CVE-2021-26119 RESERVED -CVE-2021-26118 - RESERVED -CVE-2021-26117 - RESERVED +CVE-2021-26118 (While investigating ARTEMIS-2964 it was found that the creation of adv ...) + TODO: check +CVE-2021-26117 (The optional ActiveMQ LDAP login module can be configured to use anony ...) + TODO: check CVE-2021-26116 RESERVED CVE-2021-26115 
@@ -839,8 +861,8 @@ CVE-2021-3274 RESERVED CVE-2021-3273 RESERVED -CVE-2021-3272 - RESERVED +CVE-2021-3272 (jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-b ...) + TODO: check CVE-2021-3271 (PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS ca ...) NOT-FOR-US: PressBooks CVE-2021-3270 @@ -2239,13 +2261,11 @@ CVE-2021-3176 RESERVED CVE-2021-3175 RESERVED -CVE-2021-25312 [HTCONDOR-2021-0001] - RESERVED +CVE-2021-25312 (HTCondor before 8.9.11 allows a user to submit a job as another user o ...) - condor <undetermined> NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0001.html TODO: check details, as according to advisory specific versions are mentioned -CVE-2021-25311 [HTCONDOR-2021-0002] - RESERVED +CVE-2021-25311 (condor_credd in HTCondor before 8.9.11 allows Directory Traversal outs ...) - condor <undetermined> NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0002.html TODO: check details, according to advisory, only affects versions starting at 8.9.7 but details are not clear @@ -5067,6 +5087,7 @@ CVE-2021-23965 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23965 CVE-2021-23964 RESERVED + {DSA-4840-1} - firefox-esr 78.7.0esr-1 - firefox 85.0-1 - thunderbird <unfixed> @@ -5087,6 +5108,7 @@ CVE-2021-23961 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23961 CVE-2021-23960 RESERVED + {DSA-4840-1} - firefox-esr 78.7.0esr-1 - firefox 85.0-1 - thunderbird <unfixed> @@ -5115,6 +5137,7 @@ CVE-2021-23955 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/#CVE-2021-23955 CVE-2021-23954 RESERVED + {DSA-4840-1} - firefox-esr 78.7.0esr-1 - firefox 85.0-1 - thunderbird <unfixed> 
@@ -5123,6 +5146,7 @@ CVE-2021-23954 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2021-23954 CVE-2021-23953 RESERVED + {DSA-4840-1} - firefox-esr 78.7.0esr-1 - firefox 85.0-1 - thunderbird <unfixed> @@ -7793,12 +7817,12 @@ CVE-2021-22657 RESERVED CVE-2021-22656 RESERVED -CVE-2021-22655 - RESERVED +CVE-2021-22655 (Multiple out-of-bounds read issues have been identified in the way the ...) + TODO: check CVE-2021-22654 RESERVED -CVE-2021-22653 - RESERVED +CVE-2021-22653 (Multiple out-of-bounds write issues have been identified in the way th ...) + TODO: check CVE-2021-22652 RESERVED CVE-2021-22651 @@ -7821,12 +7845,12 @@ CVE-2021-22643 RESERVED CVE-2021-22642 RESERVED -CVE-2021-22641 - RESERVED +CVE-2021-22641 (A heap-based buffer overflow issue has been identified in the way the ...) + TODO: check CVE-2021-22640 RESERVED -CVE-2021-22639 - RESERVED +CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...) + TODO: check CVE-2021-22638 RESERVED CVE-2021-22637 @@ -12519,8 +12543,8 @@ CVE-2021-20359 RESERVED CVE-2021-20358 RESERVED -CVE-2021-20357 - RESERVED +CVE-2021-20357 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...) + TODO: check CVE-2021-20356 RESERVED CVE-2021-20355 |
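Review bot: the `{DLA-2535-1}` reference added to CVE-2017-7481, CVE-2019-14904, CVE-2019-14846, CVE-2019-10206 and CVE-2019-10156 (the 2017.list and 2019.list hunks) is not accompanied by any visible `[stretch] - ansible <fixed-version>` line; within the shown context CVE-2019-14904 and CVE-2019-10206 only carry `[jessie] - ansible <not-affected>`. A DLA is an LTS advisory, so please confirm that each of these entries has a stretch status line (just outside the three-line context or added separately) whose version matches the ansible upload announced in DLA-2535-1, otherwise the advisory reference hangs on an entry with no suite fix to back it.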
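Review bot: `{DSA-4841-1}` is added to CVE-2019-19728, CVE-2020-27746, CVE-2020-27745 and CVE-2020-12693, but the three 2020.list entries carry `- slurm-wlm <not-affected> (Fixed with first upload to Debian with renamed source package)` and `- slurm-llnl <removed>`, and no `[buster] - slurm-llnl ...` fixed-version line is visible in the context shown. A DSA covers the stable suite, so please check that a buster line for `slurm-llnl` exists below the shown context in each entry and that the advisory reference sits on the entry for the source package that was actually uploaded, rather than on one marked removed or not-affected.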
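Review bot: the imported description for CVE-2020-23356 (2020.list hunk at `@@ -16968,26 +16971,26 @@`) starts with `dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c`, which reads as a path truncated in the upstream feed. Nothing to change in this hunk, since the tracker mirrors the CVE text verbatim, but whoever resolves the `TODO: check` should confirm the affected file from the original advisory instead of relying on the imported string.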
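Review bot: the new `CVE-2021-3326 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...)` entry with `TODO: check` lands directly above the existing placeholder `CVE-2021-XXXX [glibc: assertion failure in ISO-2022-JP-3 module]`, which already carries `- glibc <unfixed> (bug #981198)` and `[buster] - glibc <no-dsa> (Minor issue)`. Both describe the same iconv assertion failure in the ISO-2022-JP-3 module, so when the TODO is processed the placeholder's package status, bug reference and suite annotation should be moved onto CVE-2021-3326 and the `CVE-2021-XXXX` entry dropped, so the issue is not tracked twice.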
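Review bot: CVE-2021-25312 and CVE-2021-25311 (2021.list hunk at `@@ -2239,13 +2261,11 @@`) now carry upstream descriptions stating the affected range (`HTCondor before 8.9.11`), yet both keep `- condor <undetermined>` together with the older `TODO: check details ...` lines about unclear version information. The description answers part of what those TODOs ask, so a follow-up should derive the condor status from the stated range (for 25311 also honouring the existing note that only versions from 8.9.7 are affected) and trim the TODO text to whatever remains open.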